* A * (STAR) ON A LINE WILL BE IGNORED BY THE DATA COLLECTION PROCESS.
* THE FOLLOWING INFORMATION IS TO EXPLAIN THIS FILE:
*
*
* 01-08: THE MEMBER NAME USED IN THE SENSITVE.RPT.
* 09-09: A 0 INDICATES THIS TYPE OF RECORD
* 10-11: IS THE IDENTIFIER USED TO IDENTIFY THE GROUPING OF DATA SETS
*        IN THE CNTL(DSNLIST) MEMBER AND TEMP3 FILE.
* 13-20: IDENTIFIES THE PDI MEMBER NAME USED TO STORE THE FINDING DETAILS.
* 22-80: FIELD IS VARIABLE IN LENGTH AND IS USED AS A TITLE IN THE
*        MEMBER IN THE SENSITVE.RPT.
*
* ALL ENTRIES MUST END WITH AN @.
*
PARMRPT 0AA ACP00010 PARMLIB CONCATENATION@
LINKRPT 0AB ACP00020 SYSTEM LINKLIB LIBRARY@
SVCRPT  0AC ACP00030 SYSTEM SVCLIB LIBRARY@
IMAGERPT0AD ACP00040 SYSTEM IMAGE LIBRARY@
LPARPT  0AE ACP00050 SYSTEM LPALIB LIBRARY@
NUCLRPT 0AF ACP00080 SYSTEM NUCLEUS LIBRARY@
UADSRPT 0AG ACP00170 SYSTEM UADS LIBRARY@
DUMPRPT 0AH ACP00200 SYSTEM DUMP DATA SETS@
TRACERPT0AI ACP00220 SYSTEM TRACE LIBRARY@
SYSREXX 0AK ACP00062 System REXX Datasets@
APFXRPT 0BA ACP00060 APF LIBRARIES@
LNKXRPT 0BB ACP00110 LINKLIST LIBRARIES@
LPAXRPT 0BC ACP00070 LPA LIBRARIES@
PPTXRPT 0BD ACP00100 PPT LIBRARIES@
MVSXRPT 0BE ACP00240 MVS EXIT LIBRARIES@
APFTRPT 0BF          TSO APF-AUTHORIZED@
SMFXRPT 0BG ACP00180 SMF LIBRARIES@
PROCRPT 0BH ACP00250 JES2 PROCEDURES@
CATMRPT 0BI ACP00130 MASTER SYSTEM CATALOG@
CATURPT 0BJ ACP00135 USER SYSTEM CATALOGS@
SMPERPT 0BK ACP00140 SMP/E DATA SETS@
PGXXRPT 0BL ACP00230 SYSTEM PAGE@
JES2RPT 0BM ACP00150 JES2 HASP@
SMFBKRPT0BN ACP00190 SMF DUMP/BACKUP@
BKUPRPT 0BO ACP00210 SYSTEM DASD BACKUP@
ACPRPT  0BP ACP00120 SECURITY DATA SETS@
* PRODRPT 0BQ PRODUCT INSTALL DATASETS@
HFSRPT  0CE ZUSS0031 UNIX HFS FILES@
USSRPT  0CF ZUSS0032 UNIX SYSTEM SERVICES@
STLLRPT 0CG ZUSS0033 UNIX STEPLIBLIST@
SMSRPT  0CI ZSMS0020 DFSMS@
TCPRPT  0CM ITCP0070 TCPIP@
HTTPRPT 0CP          HTTP@
FTPRPT  0CR IFTP0080 FTP@

* A * (STAR) AT THE BEGINNING OF A LINE WILL BE IGNORED BY THE DATA
* COLLECTION PROCESS.
*
* 02/15/2005 JL.NELSON UPDATED TO MATCH STIG VERSION 5.0
* 04/21/2005 JL.NELSON DROPPED OBSOLETE ENTRIES
* 05/09/2005 JL.NELSON ADDED COMMENTS FOR DIALOG AUTHORIZED GROUPS
* 10/12/2006 CL.FENTON REMOVED REDUNDANT READ ENTRIES, ADDED OMVSAUDT
*                      FOR HFS DATA SETS OMVS KERNEL.
* 11/02/2006 CL.FENTON ADDED DUMPAUDT FOR IDS THAT PERFORM DUMP PROCESSING
* 03/05/2007 CL.FENTON ADDED ENTRIES FOR TRUSTED STCS (TSTCAUDT)
* 11/30/2007 CL.FENTON added DAEMAUDT and SERVAUDT for Unix resources.
* 08/24/2015 CL.FENTON added new group APPBAUDT, STS-011536.
* 08/17/2016 CL.FENTON added new vulnerability ACP00062, STS-015247.
* 09/20/2016 CL.FENTON changed reference for IAO to ISSO.
* 10/26/2016 CL.FENTON added DASDAUDT access UPDATE to ZSMS0020, STS-015911.
* 05/08/2017 CL.FENTON added TAPDAUDT to DIALOG entries, STS-016961.
* 01/16/2018 CL.FENTON added MCATBAT to DIALOG entries, STS-019158.
* 05/14/2018 CL.FENTON added UPRVAUDT to DIALOG entries, STS-019537.
* 01/29/2019 CL.FENTON deleted UPRVAUDT and replaced it with BPXSUSTC,
*                      STS-021028.
*
* THE FOLLOWING INFORMATION IS TO EXPLAIN THIS FILE:
*
* THERE ARE THREE (3) TYPES OF RECORDS IDENTIFIED IN THIS FILE.
*
* 1. IDENTIFIED GROUP ACCESS - IDENTIFIES THE GROUP OF USERS AND
*    LOWEST ACCESS THIS GROUP IS AUTHORIZED TO HAVE.
*
* 2. ALL USERS ACCESS - THIS RECORD IS IDENTIFIED BY A * IN THE
*    SECOND FIELD AND IDENTIFIES THE HIGHEST ACCESS FOR ALL USERS.
*    THE DEFAULT IS NONE.
*
* 3. LOGGING REQUIREMENTS/PDI INFORMATION - THIS RECORD IS IDENTIFIED
*    BY A BLANK IN THE SECOND FIELD. IT CONTAINS THE LOWEST ACCESS
*    AT WHICH LOGGING WILL START; IF NONE IS SPECIFIED, NO LOGGING
*    REQUIREMENT IS NEEDED FOR THIS RECORD. IT ALSO IDENTIFIES THE
*    PDI FOR ACF2, RACF, AND TSS.
*    THE DEFAULT IS NONE.
*
* THE FOLLOWING DEFINES THE FIELDS THAT ARE AVAILABLE FOR ALL RECORDS.
*
* THE FIRST FIELD - POS 1-8 - THE MEMBER IN THE SENSITVE.RPT.
*
* THE SECOND FIELD - POS 10-17 - DEFINED AS FOLLOWS:
*    1. AN 8 CHARACTER MEMBER IDENTIFIED IN
*       SYS*.SRRAUDIT.DATA AUTHORIZED USER LIST. (EX XXXXAUDT)
*       THIS DATA SET IS CREATED DURING THE DIALOG PROCESS.
*    2. AN '*' IN THIS POSITION DESIGNATES ACCESS FOR ALL USERS.
*    3. IF FIELD IS BLANK IT IDENTIFIES THE LOGGING REQUIREMENTS
*
* THE THIRD FIELD - POS 19-26 - DEFINED AS FOLLOWS:
*    1. THE HIGHEST ACCESS REQUIREMENT FOR THE GROUP OF
*       USERS IF THE SECOND FIELD SPECIFIES A PREFIX OR '*'.
*    2. THE LOWEST ACCESS FOR WHICH LOGGING WILL OCCUR IF
*       THE SECOND FIELD IS BLANK.
*
* THE REMAINING - POS 28-80 - COMMENTS.
*
* THE FOLLOWING ENTRIES ARE USED BY THE DIALOG, DEFINE GROUPS HERE
*        MEMBER   USED TO GROUP IDS BY ACCESS REQUIREMENTS
* DIALOG SYSPAUDT Systems Programmers or Systems Administrators
* DIALOG PARMSTC  Users that have READ access justification via ISSO.
* DIALOG SECAAUDT Security Administrators
* DIALOG SECDAUDT Decentralized Security Administrators
* DIALOG SECBAUDT Security batch, jobs that perform ACP maintenance
* DIALOG AUDTAUDT Auditors whether they are System, Security, or other
* DIALOG TSTCAUDT Trusted Started Tasks users
* DIALOG PCSPAUDT Production Control and Scheduling personnel
* DIALOG DPCSAUDT Decentralized Prod Cntl and Sched personnel
* DIALOG AUTOAUDT Automated Operation STCs/Batch Jobs
* DIALOG OPERAUDT Operations personnel
* DIALOG DASDAUDT DASD Administrators
* DIALOG TAPDAUDT Decentralized Tape Librarians.
* DIALOG TAPEAUDT Tape Librarians, CA1 Prod Batch Jobs, and CA1 STCs.
* DIALOG EMERAUDT Emergency TSO logon ids
* DIALOG MQSAAUDT MQ Series Administrators
* DIALOG MQSDAUDT Decentralized MQ Series Administrators
* DIALOG DABAAUDT Data Base Administrators
* DIALOG WEBAAUDT Web Server Administrators
* DIALOG PRODAUDT Production Started Tasks and batch logon ids
* DIALOG DASBAUDT DASD batch, jobs that perform DASD Backups, Migrate
* DIALOG SMFBAUDT STCs/BATCH ids that perform SMF dump processing
* DIALOG DUMPAUDT STCs/Batch ids that perform Dump processing
* DIALOG STCGAUDT STCs ids, that perform GTF processing
* DIALOG OMVSAUDT The OMVS started task kernel
* DIALOG CONSOLES The System Console user ids
* DIALOG DAEMAUDT Unix Daemon user ids
* DIALOG SERVAUDT Unix Server user ids
* DIALOG SUPRAUDT User ids that require BPX.SUPERUSER
* DIALOG CHGOWNER Users authorized to issue the chown in UNIX.
* DIALOG APPBAUDT Application Production Batch Userids.
* DIALOG APPDAUDT Application Development Programmers.
* DIALOG APPSAUDT Application Production Support Team members.
* DIALOG BMCUSER  INCONTROL Users of CONTROL-D/M/O.
* DIALOG BMCADMIN INCONTROL Admins/Owners of CONTROL-D/M/O.
* DIALOG SYSCAUDT CICS Systems Programmers.
* DIALOG CICSAUDT CICS Started Task.
* DIALOG CICBAUDT CICS Batch Programs.
* DIALOG CICUAUDT CICS Utils (CONTROLO, BatIDs via CONTROLM, MAINVIEW)
* DIALOG CICDAUDT CICS Developers.
* DIALOG CICSDEF  CICS regions default user ids (DFLTUSER).
* DIALOG MVREAD   Mainview users that require read only mode.
* DIALOG MVUPDT   Mainview users that require some update functions.
* DIALOG FTPUSERS FTP only process/server to server userids
* DIALOG MICSADM  MICS Administrators
* DIALOG MICSUSER MICS End Users
* DIALOG ROSCAUTH ROSCOE Master and Maintenance IDs
* DIALOG IOABAUDT IOA batch users for operations
* DIALOG MCATBAT  Batch users requiring ALTER access to Master Catalog
* DIALOG BPXSUSTC STCs requiring certain BPX and SUPERUSER access
*
*
* LEVEL  RACF               TSS               ACF2
* -----  ------------------ ----------------- -----------------
*   0    NONE               NONE              NONE
*   1    EXECUTE            FETCH             EXEC
*   2                       NOCREATE
*   3    READ               READ INQUIRE      READ
*   4                       WRITE
*   5    UPDATE             UPDATE            WRITE
*   6    CONTROL            CONTROL
*   7                       CREATE
*   8                       SCRATCH
*   9    ALTER              ALL               ALLOC
*
*XXXXXXX XXXXXXXX XXXXXXXX
ACPRPT            READ
ACPRPT   *        NONE
ACPRPT   AUDTAUDT READ
ACPRPT   DASBAUDT READ
ACPRPT   SECAAUDT ALTER
ACPRPT   SECBAUDT ALTER    (SECURITY BATCH JOBS)
ACPRPT   SYSPAUDT ALTER
ACPRPT   TSTCAUDT ALTER
APFXRPT           WRITE
APFXRPT  *        READ
APFXRPT  SYSPAUDT ALTER
APFXRPT  TSTCAUDT ALTER
BKUPRPT  *        READ
BKUPRPT  DASDAUDT ALTER
BKUPRPT  DASBAUDT ALTER
BKUPRPT  SYSPAUDT ALTER
BKUPRPT  TSTCAUDT ALTER
CATMRPT           WRITE
CATMRPT  *        READ
CATMRPT  MCATBAT  ALTER
CATMRPT  SYSPAUDT ALTER
CATMRPT  TSTCAUDT ALTER
CATURPT           ALTER
CATURPT  *        UPDATE
CATURPT  MCATBAT  ALTER
CATURPT  SYSPAUDT ALTER
CATURPT  TSTCAUDT ALTER
DUMPRPT  *        NONE
DUMPRPT  AUDTAUDT READ
DUMPRPT  DASDAUDT ALTER
DUMPRPT  DUMPAUDT ALTER
DUMPRPT  PCSPAUDT ALTER
DUMPRPT  SYSPAUDT ALTER
DUMPRPT  TSTCAUDT ALTER
DUMPRPT  TAPEAUDT ALTER
HFSRPT   *        READ
HFSRPT   OMVSAUDT ALTER    OMVS KERNEL ONLY <<==========
HFSRPT   SYSPAUDT ALTER
HFSRPT   TSTCAUDT ALTER
FTPRPT            WRITE
FTPRPT   *        READ
FTPRPT   SYSPAUDT ALTER
FTPRPT   TSTCAUDT ALTER
IMAGERPT          WRITE
IMAGERPT *        READ
IMAGERPT SYSPAUDT ALTER
IMAGERPT TSTCAUDT ALTER
JES2RPT  *        READ
JES2RPT  PCSPAUDT UPDATE
JES2RPT  SYSPAUDT ALTER
JES2RPT  TSTCAUDT ALTER
LINKRPT           WRITE
LINKRPT  *        READ
LINKRPT  SYSPAUDT ALTER
LINKRPT  TSTCAUDT ALTER
LNKXRPT           WRITE
LNKXRPT  *        READ
LNKXRPT  SYSPAUDT ALTER
LNKXRPT  TSTCAUDT ALTER
LPARPT            WRITE
LPARPT   *        READ
LPARPT   SYSPAUDT ALTER
LPARPT   TSTCAUDT ALTER
LPAXRPT           WRITE
LPAXRPT  *        READ
LPAXRPT  SYSPAUDT ALTER
LPAXRPT  TSTCAUDT ALTER
MVSXRPT           WRITE
MVSXRPT  *        READ
MVSXRPT  SYSPAUDT ALTER
MVSXRPT  TSTCAUDT ALTER
NUCLRPT           WRITE
NUCLRPT  *        READ
NUCLRPT  SYSPAUDT ALTER
NUCLRPT  TSTCAUDT ALTER
PARMRPT           WRITE
PARMRPT  *        NONE
PARMRPT  AUDTAUDT READ
PARMRPT  AUTOAUDT READ
PARMRPT  OPERAUDT READ
PARMRPT  PARMSTC  READ
PARMRPT  SECAAUDT UPDATE
PARMRPT  SYSPAUDT ALTER
PARMRPT  TSTCAUDT ALTER
PGXXRPT  *        NONE
PGXXRPT  AUDTAUDT READ
PGXXRPT  SYSPAUDT ALTER
PGXXRPT  TSTCAUDT ALTER
PPTXRPT           WRITE
PPTXRPT  *        READ
PPTXRPT  SYSPAUDT ALTER
PPTXRPT  TSTCAUDT ALTER
PROCRPT  *        READ
PROCRPT  SYSPAUDT ALTER
PROCRPT  TSTCAUDT ALTER
SMFXRPT           WRITE
SMFXRPT  *        READ
SMFXRPT  PCSPAUDT UPDATE   VSAM DATA SETS
SMFXRPT  SMFBAUDT CONTROL  (SMF BATCH JOBS)
SMFXRPT  SYSPAUDT ALTER
SMFXRPT  TSTCAUDT ALTER
SMFBKRPT          WRITE
SMFBKRPT *        READ
SMFBKRPT PCSPAUDT ALTER    VSAM DATA SETS
SMFBKRPT SMFBAUDT ALTER    (SMF BATCH JOBS)
SMFBKRPT SYSPAUDT ALTER
SMFBKRPT TSTCAUDT ALTER
SMPERPT  *        READ
SMPERPT  SYSPAUDT ALTER
SMPERPT  TSTCAUDT ALTER
SMSRPT   *        READ
SMSRPT   DASDAUDT UPDATE
SMSRPT   SYSPAUDT ALTER
SMSRPT   TSTCAUDT ALTER
STLLRPT           WRITE
STLLRPT  *        READ
STLLRPT  SYSPAUDT ALTER
STLLRPT  TSTCAUDT ALTER
SVCRPT            WRITE
SVCRPT   *        READ
SVCRPT   SYSPAUDT ALTER
SVCRPT   TSTCAUDT ALTER
TCPRPT            WRITE
TCPRPT   *        READ
TCPRPT   SYSPAUDT ALTER
TCPRPT   TSTCAUDT ALTER
TRACERPT *        NONE
TRACERPT AUDTAUDT READ
TRACERPT PCSPAUDT ALTER
TRACERPT STCGAUDT UPDATE
TRACERPT SYSPAUDT ALTER
TRACERPT TSTCAUDT ALTER
UADSRPT           READ
UADSRPT  *        EXECUTE
UADSRPT  AUDTAUDT READ
UADSRPT  EMERAUDT READ
UADSRPT  SECAAUDT UPDATE
UADSRPT  SYSPAUDT ALTER
UADSRPT  TSTCAUDT ALTER
USSRPT   *        READ
USSRPT   SYSPAUDT ALTER
USSRPT   TSTCAUDT ALTER
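Both control files above are fixed-column records, and the access file's three record types (group ceiling, `*` all-users ceiling, blank-field logging threshold) plus the LEVEL ladder are enough to evaluate an observed ACP permission. The following is an added example written for this page, not code from the DISA SRRAUDIT dialog: the column offsets and the LEVEL table are taken from the comments in the two files, while the sample records, user ids, group memberships and the rule that resolves a cross-ACP keyword such as WRITE (which has no RACF row) to the lowest level any ACP assigns it are assumptions made for the example.

```python
"""Fixed-column parser and access checker for the two SRRAUDIT control files
above.  Added example code, not the DISA dialog's own.  Column offsets and
the LEVEL ladder come from the file comments; sample records, user ids,
memberships and the cross-ACP keyword rule are assumptions for this example."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# LEVEL table from the access file, one column per ACP (keyword -> level).
LEVELS = {
    "RACF": {"NONE": 0, "EXECUTE": 1, "READ": 3, "UPDATE": 5, "CONTROL": 6,
             "ALTER": 9},
    "TSS": {"NONE": 0, "FETCH": 1, "NOCREATE": 2, "READ": 3, "INQUIRE": 3,
            "WRITE": 4, "UPDATE": 5, "CONTROL": 6, "CREATE": 7, "SCRATCH": 8,
            "ALL": 9},
    "ACF2": {"NONE": 0, "EXEC": 1, "READ": 3, "WRITE": 5, "ALLOC": 9},
}

def rule_level(keyword: str) -> int:
    """Rule records mix keywords from all three columns.  Assumption: use the
    lowest level any ACP assigns, so a ceiling or threshold is never loosened."""
    found = [tbl[keyword] for tbl in LEVELS.values() if keyword in tbl]
    if not found:
        raise ValueError(f"unknown access keyword {keyword!r}")
    return min(found)

@dataclass
class IndexRecord:
    member: str  # 01-08 member in SENSITVE.RPT
    ident: str   # 10-11 grouping identifier used in CNTL(DSNLIST)
    pdi: str     # 13-20 PDI member, blank when none is assigned
    title: str   # 22-80 title, must be terminated by @

def parse_index(text: str) -> Dict[str, IndexRecord]:
    """Parse type 0 index records; '*' in column 1 is a comment."""
    records = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("*"):
            continue
        if line[8:9] != "0":
            raise ValueError(f"not a type 0 record: {line!r}")
        title, at, _ = line[21:80].partition("@")
        if not at:
            raise ValueError(f"entry does not end with @: {line!r}")
        rec = IndexRecord(line[:8].strip(), line[9:11], line[12:20].strip(),
                          title.strip())
        records[rec.member] = rec
    return records

@dataclass
class ReportPolicy:
    all_users: int = 0                                    # '*' record, default NONE
    groups: Dict[str, int] = field(default_factory=dict)  # XXXXAUDT -> ceiling
    log_at: Optional[int] = None                          # blank record; None = no logging

def parse_access(text: str) -> Dict[str, ReportPolicy]:
    """Field 1 at 1-8, field 2 at 10-17 (group, '*' or blank), field 3 at 19-26."""
    policies = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("*"):
            continue
        member, who, access = line[:8].strip(), line[9:17].strip(), line[18:26].strip()
        pol = policies.setdefault(member, ReportPolicy())
        if who == "":
            pol.log_at = rule_level(access)
        elif who == "*":
            pol.all_users = rule_level(access)
        else:
            pol.groups[who] = rule_level(access)
    return policies

def allowed_level(pol: ReportPolicy, memberships: List[str]) -> int:
    """Ceiling for a user: the all-users level or the best of their groups."""
    return max([pol.all_users] + [pol.groups[g] for g in memberships if g in pol.groups])

def check_access(policies, acp, report, userid, memberships, access):
    """Return (finding or None, logging_required) for one observed permission."""
    pol = policies[report]
    observed, allowed = LEVELS[acp][access], allowed_level(pol, memberships)
    finding = None
    if observed > allowed:
        finding = f"{userid}: {acp} {access} ({observed}) to {report} exceeds level {allowed}"
    return finding, pol.log_at is not None and observed >= pol.log_at

# Constructed samples in the two layouts (not taken from a real system).
INDEX_SAMPLE = """\
* A * (STAR) ON A LINE WILL BE IGNORED BY THE DATA COLLECTION PROCESS.
PARMRPT 0AA ACP00010 PARMLIB CONCATENATION@
APFXRPT 0BA ACP00060 APF LIBRARIES@
APFTRPT 0BF          TSO APF-AUTHORIZED@
"""
ACCESS_SAMPLE = """\
*XXXXXXX XXXXXXXX XXXXXXXX
PARMRPT           WRITE
PARMRPT  *        NONE
PARMRPT  AUDTAUDT READ
PARMRPT  SECAAUDT UPDATE
PARMRPT  SYSPAUDT ALTER
APFXRPT           WRITE
APFXRPT  *        READ
APFXRPT  SYSPAUDT ALTER
"""

if __name__ == "__main__":
    pol = parse_access(ACCESS_SAMPLE)  # an auditor with UPDATE to PARMLIB is a finding
    print(check_access(pol, "RACF", "PARMRPT", "AUDIT01", ["AUDTAUDT"], "UPDATE"))
```

The checker is deliberately strict in two places: an index entry without the `@` terminator is rejected rather than silently truncated, and a keyword that appears at different levels in different ACP columns (WRITE is 4 under TSS, 5 under ACF2) is taken at its lowest level, so a logging threshold of WRITE also catches RACF UPDATE.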